Apple Releases Flashback Malware Removal Tool At Last

Hallelujah, Apple finally does something. The company released its own tool to remove the Flashback malware from compromised Macs.

On Apr. 12, Apple released the fix as a Java update that detects and removes Flashback from infected computers. This is the third update released by the company this week, as the first two closed the Java vulnerability that Flashback was exploiting to infect users in the first place. The latest update is essentially the same update closing the vulnerability, but with the removal tool bundled in.

"This Java security update removes the most common variants of the Flashback malware," Apple wrote in its support document.

Disable Java Plugins

Interestingly enough, Apple's update will also disable the Java plugin on all Web browsers (not just Safari) and turn off applet execution by default. Even if the user manually enables automatic execution of applets via the Java Preferences application, it will automatically be disabled if applets haven't been run within 35 days, according to Apple.

"If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets," Apple wrote.

On one hand, this is not a bad idea, as it closes an attack vector for Macs. Many users who were infected with the Trojan are thought to have installed Java once for whatever reason, and then forgotten they had it on their computers. Many security experts have long encouraged users to remove Java unless they absolutely know they need to have it, since sites using Java applets are fewer than they used to be. Disabling automatic applet execution is as close as one gets to uninstalling Java without actually doing so.

Too Little Too Late?

On the other hand, it feels a little reactive. Apple has been roundly criticized for its delay in patching the Java vulnerability. Oracle closed the flaw for all non-Mac platforms several weeks ago, but Apple didn't release a fix for Mac OS X until researchers uncovered over half a million infected machines. This fix just prevents future Java infections, but it doesn't address the fact that Apple always seems out of step when it comes to securing its supposedly invincible platform.

Apple is a little late with this tool as several security companies have already released their own Flashback removal tools. "While it's encouraging to see Apple taking steps to eradicate the Flashback Trojan, they're late to the party," said Michael Sutton, vice-president of security research at Zscaler ThreatLabZ.

Kaspersky Lab, F-Secure, Mac AV

Kaspersky Lab launched a Website that users could visit to determine if they are infected. Users enter their computer's UUID on www.flashbackcheck.com, which is then compared against Kaspersky's database of known infected machines. If the UUID exists in the database, users can use the free utility, the Kaspersky Flashback Removal Tool, to scan and remove the malware.

F-Secure also released its own removal tool, available as a Zip file on its Website. Users just need to unzip the package and run the tool. If infections are found, they are quarantined into an encrypted and password-protected Zip file.

Mac antivirus tools, such as the ones from Sophos and Kaspersky, have already been updated to detect Flashback. At the moment, Apple still has not added detection for Flashback.K to its built-in malware scanner, XProtect.

Better Late...

Apple moved pretty quickly after promising a removal tool earlier this week, so better late than never. But as someone once told me, "Better never late!" Apple still has to learn that lesson.
